Unable to add a threat ID in DNS signatures for DNS sinkhole

by rchougale on ‎03-20-2016 12:44 PM - edited on ‎06-03-2016 10:27 AM by (7,664 Views)

Issue

When trying to add a specific threat ID for DNS spyware related threat inside Objects > Security profiles > Anti-spyware > Profile > DNS signatures > Threat ID exceptions, you may get the following error:

 

Threat <ID#> must be a value in range 3800000-4999999 or 5800000-5999999

 

 

222.PNG

Error while trying to add for threat ID 14875 Poison DNS request traffic.

 

Resolution

Only threat IDs with value in ranges 3800000-4999999 or 5800000-5999999 can be added to threat ID exceptions.

 

See Also

For more info on threat ID ranges in the Palo Alto Networks Content Database, please see:

Threat ID Ranges in the Palo Alto Networks Content Database

 

Comments
by JBal
‎03-31-2017 08:00 AM - edited ‎03-31-2017 08:54 AM

After upgrading Panorama to PAN-OS 8.0, when trying to add a threat exception on the DNS Signatures tab, we get the error:

Invalid Threat ID range. DNS-Sinkhole -> botnet-domains -> threat exception is invalid.

I have verified the threat on the Exceptions tab, before adding it, it is the correct type and the TID should be in the correct range as described above and also here.

The same steps are working fine on the Firewall with 8.0.

One of the new features in 8.0 is that globally unique TID`s have been introduced.

Were all the old TID`s, or the ranges modified? If yes, it looks like in Panorama the DNS Signatures exception tab is not reflecting this change. 

Anyone else experienced this issue? Is it a bug?

 

Thanks

 

 

by JBal
on ‎04-07-2017 08:20 AM

To answer myself: PAN TAC confirmed the above is a bug in Panorama, will be fixed.

Ignite 2018, Amsterdam, Netherlands
Ask Questions Get Answers Join the Live Community